Account for additional record expansion when using CIDs Using the Connection ID extension increases the maximum record expansion because - the real record content type is added to the plaintext - the plaintext may be padded with an arbitrary number of zero bytes, in order to prevent leakage of information through package length analysis. Currently, we always pad the plaintext in a minimal way so that its length is a multiple of 16 Bytes. This commit adapts the various parts of the library to account for that additional source of record expansion.

commit: 6cbad5560dfcd987ce760afdbc9dddab60a3be5f [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Wed May 08 15:40:11 2019 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Jun 03 16:07:50 2019 +0100
tree: c972ea9241441cedad543edd737dd3ae92a511cc
parent: ad4a1379651a442316df77275c14f53f67ef53e8 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ab2ae6f..cce834e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -9261,6 +9261,11 @@
             return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
 
+#if defined(MBEDTLS_SSL_CID)
+    if( transform->out_cid_len != 0 )
+        transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
+#endif /* MBEDTLS_SSL_CID */
+
     return( (int)( out_hdr_len + transform_expansion ) );
 }
commit	6cbad5560dfcd987ce760afdbc9dddab60a3be5f	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Wed May 08 15:40:11 2019 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Jun 03 16:07:50 2019 +0100
tree	c972ea9241441cedad543edd737dd3ae92a511cc
parent	ad4a1379651a442316df77275c14f53f67ef53e8 [diff] [blame]